Common Vulnerabilities and Exposures by NIST

CVE-2015-0889 N/A

2015-02-28 2015-02-28

KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2015-0888 N/A

2015-02-28 2015-02-28

KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2015-0887 N/A

2015-02-28 2015-02-28

npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2015-0885 N/A

2015-02-28 2015-02-28

checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2015-0886 N/A

2015-02-28 2015-02-28

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2015-0884 N/A

2015-02-28 2015-02-28

Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2015-0655 N/A

2015-02-28 2015-02-28

Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9682 N/A

2015-02-28 2015-02-28

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9676 N/A

2015-02-28 2015-02-28

The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Vendor(s): N/A

Affected OS(s) / software(s): N/A